Open ikreymer opened 8 years ago
Found a perhaps simpler solution: just disabling execution of *term in all containers solves the most serious issue with Linux browsers. Will see if custom AppArmor is still necessary -- Docker already provides a default one.
Create profiles for different browsers, probably using https://github.com/jfrazelle/bane to restrict execution with browser containers.
This should address some (but not all) of the more serious security issues.